﻿using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Data;
using System.Data.SqlClient;

namespace ESAM_Assignment_3
{
    public class UserClass
    {
        #region Attributes
        private int userID;
        private string username;
        private string password;
        #endregion

        #region Properties | GET and SET methods
        public int UserID
        {
            get { return userID; }
            set { userID = value; }
        }
        public string Username
        {
            get { return username; }
            set { username = value; }
        }
        public string Password
        {
            get { return password; }
            set { password = value; }
        }
        #endregion

        #region Constructor
        public UserClass()
        {
        }
        #endregion

        private static string connectionString = "data source=localhost; initial catalog=" + Common.Database_Name + "; integrated security=true; user id=sa; password=imsa";

        /// <summary>
        /// Method to authenticate a user base on username and password provided by the user. 
        /// Returns TRUE if the user is successfully authenticated. FALSE if no matching record is found.
        /// </summary>
        /// <param name="username"></param>
        /// <param name="password"></param>
        /// <returns></returns>
        public static bool UnsecuredLogin(string username, string password)
        {
            bool result = false;
            String strQuery = "";
            SqlConnection myConn = new SqlConnection();
            SqlCommand myCmd;

            try
            {
                myConn.ConnectionString = connectionString;
                myConn.Open();

                strQuery += "SELECT COUNT(*) FROM Users WHERE Username='" + username + "' AND Password='" + password + "'";
                myCmd = new SqlCommand(strQuery, myConn);
                int count = (int)myCmd.ExecuteScalar();

                //There should ONLY be ONE record returned since username is unique.
                if (count > 0)
                {
                    result = true;
                }
            }
            catch (Exception ex)
            {
                throw new Exception(ex.Message);
            }
            finally
            {
                myConn.Close();
            }

            return result;
        }

        /// <summary>
        /// Method to change the user's password. Current password will be verified first before updating to new password.
        /// </summary>
        /// <param name="userID"></param>
        /// <param name="CurrentPassword"></param>
        /// <param name="NewPassword"></param>
        /// <returns></returns>
        public static bool ChangePassword(string username, string CurrentPassword, string NewPassword)
        {
            bool result = false;
            String strQuery = "";
            SqlConnection myConn = new SqlConnection();
            SqlCommand myCmd;

            try
            {
                myConn.ConnectionString = connectionString;
                myConn.Open();

                strQuery += "SELECT COUNT(*) FROM Users WHERE Username='" + username + "' AND password='" + CurrentPassword + "'";
                myCmd = new SqlCommand(strQuery, myConn);
                int count = (int)myCmd.ExecuteScalar();

                //There should ONLY be ONE record returned since UserID is unique.
                if (count > 0)
                {
                    strQuery += "UPDATE Users SET Password='" + NewPassword + "' WHERE Username='" + username + "'";
                    myCmd = new SqlCommand(strQuery, myConn);
                    int row = (int)myCmd.ExecuteScalar();

                    if (row == 1)
                    {
                        //There should ONLY be ONE record modified since UserID is unique.
                        result = true;
                    }
                }
            }
            catch (Exception ex)
            {
                throw new Exception(ex.Message);
            }
            finally
            {
                myConn.Close();
            }

            return result;
        }

        /// <summary>
        /// Method to retrieve the user's Fullname after the user has been authenticated.
        /// </summary>
        /// <param name="username"></param>
        /// <returns></returns>
        public static string GetFullname(string username)
        {
            String strQuery = "";
            SqlConnection myConn = new SqlConnection();
            SqlCommand myCmd;

            string result = "";

            try
            {
                myConn.ConnectionString = connectionString;
                myConn.Open();

                strQuery += "SELECT Fullname FROM Users WHERE Username='" + username.ToString() + "'";
                myCmd = new SqlCommand(strQuery, myConn);
                SqlDataReader dr = myCmd.ExecuteReader();
                while (dr.Read())
                {
                    result = dr.GetString(0);
                }
            }
            catch (Exception ex)
            {
                throw new Exception(ex.Message);
            }
            finally
            {
                myConn.Close();
            }

            return result;
        }

        /// <summary>
        /// Method to retrieve the user's unique UserID after the user has been authenticated.
        /// </summary>
        /// <param name="username"></param>
        /// <returns></returns>
        public static string GetUserID222(string username)
        {
            String strQuery = "";
            SqlConnection myConn = new SqlConnection();
            SqlCommand myCmd;

            string result = "";

            try
            {
                myConn.ConnectionString = connectionString;
                myConn.Open();

                strQuery += "SELECT UserID FROM Users WHERE Username='" + username.ToString() + "'";
                myCmd = new SqlCommand(strQuery, myConn);
                SqlDataReader dr = myCmd.ExecuteReader();
                while (dr.Read())
                {
                    result = dr.GetInt32(0).ToString();
                }
            }
            catch (Exception ex)
            {
                throw new Exception(ex.Message);
            }
            finally
            {
                myConn.Close();
            }

            return result;
        }
    }
}